<?php

// Declare the response as UTF-8 HTML, then start (or resume) the PHP session
// that the login state below is read from and written to.
header("Content-Type: text/html; charset=UTF-8");
session_start();

// Directory of this script with a trailing slash. The includes are resolved
// against it so they do not depend on the current working directory.
$__FILEPATH__ = __DIR__ . "/";
require_once $__FILEPATH__ . "./func_common.php";
require_once $__FILEPATH__ . "./class_def.php";
require_once $__FILEPATH__ . "./conf/info.php";

// A visitor whose session already carries a "user" or "admin" marker has
// nothing to do on the login page: send them to the index and stop.
$alreadySignedIn = isset($_SESSION["user"]) || isset($_SESSION["admin"]);
if ($alreadySignedIn)
{
	header("Location: ./index.php");
	exit(0);
}

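// Database handle for the credential lookup below. GetMysqliInstance() is not
// defined in this file (presumably it comes from one of the required files).
$mysqli = GetMysqliInstance();

// Handle a submitted login form: look the user up by name, compare the stored
// password digest with the digest of the submitted password, and on success
// record the identity (and the admin marker, if any) in the session.
if(isset($_POST["submit"]))
{
	$ret = false;
	// Accept only string fields. A missing field or an array-valued field
	// (user[]=...) is treated as empty rather than being passed to md5().
	$username = (isset($_POST["user"]) && is_string($_POST["user"])) ? $_POST["user"] : "";
	$password = (isset($_POST["psw"]) && is_string($_POST["psw"])) ? $_POST["psw"] : "";
	if($username !== "" && $password !== "")
	{
		// SECURITY: unsalted MD5 is not a password hash. It is cheap to
		// brute-force and equal passwords produce equal digests. It is kept
		// here only because the stored values in `userlist` are compared
		// against it; migrate the column to password_hash()/password_verify().
		$password = md5($password);
		$strsql = "select password, permission from userlist where username=?";
		$stmt = $mysqli->prepare($strsql);
		if ($stmt === false)
		{
			// Fail closed: without a prepared statement nobody is logged in.
			// The detail goes to the server log only, never to the client.
			error_log("login: could not prepare credential lookup: " . $mysqli->error);
		}
		else
		{
			$stmt->bind_param("s", $username);
			$stmt->execute();
			$stmt->bind_result($standard_password, $permission);
			while($stmt->fetch())
			{
				// hash_equals() compares byte-for-byte in constant time. The
				// previous loose `==` treated two digests of the form
				// "0e<digits>" as equal numbers, so unrelated passwords could
				// match. is_string() guards against a NULL password column.
				if (is_string($standard_password) && hash_equals($standard_password, $password))
				{
					if (!$ret)
					{
						// Issue a fresh session id at the privilege change so
						// an id planted before login (session fixation) is not
						// carried over into the authenticated session.
						session_regenerate_id(true);
					}
					$ret = true;
					$_SESSION["user"] = $username;
					// Strict comparison: only the exact string "admin" grants
					// the admin marker, whatever type the column returns.
					if ($permission === "admin")
						$_SESSION["admin"] = "true";
				}
			}
			$stmt->close();
		}
		// NOTE(review): no attempt throttling or lockout is visible in this
		// file; confirm it is enforced elsewhere.
		if ($ret)
		{
			ClientRedirect("./blog_home.php");
		}
		else
		{
			// One message for "unknown account" and "wrong password", so the
			// response does not reveal which usernames exist.
			echo "<script type=\"text/javascript\">window.alert(\"账号不存在或密码错误！\");history.go(-1);</script>";
		}
	}
	else
	{
		// Username or password was empty (or not a plain string).
		echo "<script type=\"text/javascript\">alert(\"账号密码不能为空\");history.go(-1);</script>";
	}
}

$mysqli->close();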

?>